Displaying 2 results from an estimated 2 matches for "7193842".

2019 Apr 23
4
[PATCH nbdkit 0/2] Be careful not to leak heap memory to the client.
This bug was found by Eric Blake. In the .pread method we allocate a buffer in the server and pass it to the plugin. The plugin is supposed to fill it with data. The buffer was uninitialized so initially contained random heap data, but that's OK provided the plugin fully overwrote it with data. All correctly written plugins ought to do this, however there is the possibility of an
2019 Apr 23
0
[PATCH nbdkit 1/2] ocaml: Initialize pread buffer with zeroes to avoid leaking heap memory.
...client, possibly resulting in a leak of sensitive data. We can avoid this by initializing the array with zeroes. Credit: Eric Blake for finding the bug. --- plugins/ocaml/ocaml.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/plugins/ocaml/ocaml.c b/plugins/ocaml/ocaml.c index d854f48..7193842 100644 --- a/plugins/ocaml/ocaml.c +++ b/plugins/ocaml/ocaml.c @@ -444,6 +444,10 @@ pread_wrapper (void *h, void *buf, uint32_t count, uint64_t offset, caml_leave_blocking_section (); strv = caml_alloc_string (count); + /* Initialize the buffer with zeroes in case the plugin does not + *...
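Review bot: the zeroing added after `strv = caml_alloc_string (count);` in pread_wrapper needs to cover all `count` bytes of `strv`, because `caml_alloc_string` does not initialize the string's contents. The hunk is cut off in this excerpt after the first lines of the new comment, so the statement itself cannot be checked here. It would also help if the comment named the case it guards against, a plugin that does not fully overwrite the buffer it is given.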